- Hacking group Gonjeshke Darande leaked sensitive user data.
- Israeli authorities arrested three citizens for spying for Iran.
- Past Nobitex transactions show signs of money laundering activity.
The fallout from the Nobitex hack is expanding beyond missing funds.
The $90 million breach of Iran’s largest cryptocurrency exchange, which took place on 18 June, has now been linked to a potential espionage case involving Israeli and Iranian operatives.
According to blockchain intelligence firm TRM Labs, three Israeli citizens were arrested on 24 June for allegedly spying for Iran, and the hack may have played a key role in their exposure.
The suspects, aged between 19 and 28, are believed to have been recruited by Iranian handlers and were reportedly paid in cryptocurrency.
Their tasks included photographing military sites, tagging pro-Iranian graffiti, tracking the movements of senior officials, and gathering surveillance data.
Israeli authorities claim that some of the crypto transactions linked to the suspects were traceable on-chain and may have been identified using data leaked from Nobitex.
Gonjeshke Darande claims responsibility for breach
The attack on Nobitex was carried out by the pro-Israeli hacking group Gonjeshke Darande, also known as Predatory Sparrow.
The group, known for targeting Iranian-linked infrastructure, has previously engaged in cyber operations believed to serve intelligence purposes.
Following the June 18 breach, Nobitex’s internal systems were compromised, and ov
